Welcome to Mosaify Development!
We enable Security Scanner Diversity and make security scanning easy and fun! Yay!
What is Mosaify?
- Mosaify is not a security scanner - we make you security vendor-agnostic by adding an automation and abstraction layer.
- We help you use any scanners you want, including free scanners and commercial scanners from reputable vendors.
- We enable you to use multiple scanners simultaneously and make switching from one security vendor to another easy.
- We also improve both detection precision and data by normalizing and saturating scanning data across various scanners.
- We help you process and make sense of scanner reports.
- We enable you to make informed, automated decisions based on scan results in almost any scenario.
Why settle for using just one security scanner?
Security tools are as diverse as people, with their advantages and shortcomings. Additionally, numerous free tools are available, so why limit yourself to investing everything in just one? Should you replace that tool later, all the time and resources spent on integrating it with your processes will be wasted, and you’ll have to start from scratch - again and again!
We have witnessed many companies that stick to just one, good and expensive, vulnerability scanner. However, the unpleasant surprise comes when customers, 3rd parties, or, worse, attackers use something else, and the company suddenly starts seeing issues that its one chosen scanner doesn’t detect.
Why not utilize as many security tools as possible, including free ones, and leverage all the data we can gather from them, thereby obtaining a practical, comprehensive, and saturated dataset that is easy to work with? Security scanner diversity in action!
The answer is - complexity. And we solve that problem for you. We make it easy for you to run as many diverse scanners as you want at any point in your software delivery pipeline, orchestrating their runs and collecting and joining all the data we get from them.
Any software engineer who has ever attempted to integrate a security scanner into their continuous delivery pipeline will likely agree with us that it is more complex than it seems - especially when it comes to consuming the security tool’s outputs. We are here to help you - how about this simple example?
That moment when you’ve scanned your project with every security scanner you’ve got your hands on and realized that it would take 2.5 years to just read through all those reports…
…However, you found a tool capable of digging through these findings, deduplicating, and normalizing them across multiple scanners, instantly saving you 85% of your time…

Our simple math is based on a very optimistic estimation that it takes at least 15 minutes to analyze one security issue:
Before → 21,587 x 15 min = 5,396.75 hours (2.5 years)
After → 3,278 x 15 min = 655.6 hours (4 months)
And that’s just simple issue deduplication - we didn’t even include all the other useful features of our product!
Try it for yourself!
You can download the latest version of our experimental CLI right here:
At this time, it requires a Java Runtime Environment in the system.
Installing Java Runtime
Windows users:
Use Winget in Command Prompt:
winget install Azul.Zulu.21.JRE
All other users:
Use SDKMAN!
curl -s "https://get.sdkman.io" | bash
sdk install java 21.0.6-zulu